Contact your Parish Council
Business Continuity Arrangements 2009-10: Appendix 1
Maidstone Borough Council
Corporate Business Continuity Plan
Incident timeline
Table 1 – Key Mission Critical Services
No |
Mission Critical Service |
Recovery Time Objective[1] |
Section’s BCP ………. |
5 |
Contact Centre |
24 hours |
Complete |
8 |
IT |
24 hours |
Complete |
12 |
Emergency Planning |
24 hours |
Complete |
1 |
Homelessness |
24 hours |
Complete |
6 |
Environmental Health |
24 hours |
Complete |
11 |
Building Control |
24 hours |
Complete |
2 |
Finance (including revenues) |
2 – 3 days |
Complete |
9 |
Bereavement Services |
2 – 3 days |
Complete |
7 |
Street Cleansing |
2 – 3 days |
Complete |
10 |
PR / Communications |
2 – 3 days |
Complete |
3 |
Waste Collection |
1 – 2 weeks |
Complete |
4 |
Housing Benefits |
1 – 2 weeks |
Complete |
Table 2 – Key Threats to Mission Critical Services
No |
Threat |
Risk Score[2] |
Recovery Strategy Status[3] |
1 |
Loss of IT |
D2 |
Complete |
4 |
Loss of telecoms |
D2 |
Complete |
5 |
Utility outage |
D1 |
Complete |
6 |
Loss of site |
D1 |
Some work required |
2 |
Loss of people |
C2 |
Complete |
3 |
Extreme weather |
B3 |
Complete |
8 |
Loss of a major contractor / partner |
C3 |
Complete |
7 |
Financial loss |
E3 |
N/A |
Section 1: MISSION CRITICAL SERVICES MATRIX
This section was completed at the Business Impact Analysis workshop with the group on 31st October 2007, and built on the work previously undertaken in this area, to ensure this key information is up to date and relevant moving forward.
The matrix on page 5 was used to prioritise mission critical services. The numbers in the matrix represent the services listed in section 2.
Each mission critical service was rated in terms of its time sensitivity and the impact on the organisation if the service was interrupted. When deciding time sensitivity the group considered how quickly each service would have to be up and running if it were interrupted. The impact was judged as the impact to the Council’s overall aims and objectives the loss of a service would have.
The matrix allows MCSs to be prioritised, i.e. the key strategic, operational or support services most important to Maidstone BC discharging its duties, and key strategic aims and objectives. The group prioritised services according to how important they are in a ‘normal’ business week.
It should be noted that any service delivered externally by a partner or contractor that is key to Maidstone BC should also be considered. As part of due diligence we would recommend Maidstone BC puts in place arrangements to ask the question of key partners what their BCM arrangements are, and how confident they would be if there was an interruption.
Figure 1: Mission Critical Services Matrix
Section 2: CRITICAL SERVICES PRIORITISATION
Table 2.1
No |
Service |
Key Service Element (that makes this a priority) |
Potential Impact of loss |
Maximum time period within which service needs to be resumed |
5 |
Contact Centre |
· Call centre, face to face, support services |
· No public contact · Unable to respond to public service requests · Issues around information dissemination |
24 hours |
8 |
IT |
· Network, IT systems / servers, Telephony |
· Resort to manual procedures, loss of data, no contact to council if no telephony |
24 hours |
12 |
Emergency Planning |
· Emergency Planning team |
· Unable to respond / contribute effectively in an emergency situation |
24 hours |
1 |
Housing |
· Homelessness |
· Failure to house homeless · Potentially a number of people without accommodation or access to it |
24 hours |
6 |
Environmental Health |
· H&S, Pollution |
· Failure to carry out statutory and public health issues |
24 hours |
11 |
Building Control |
· Surveying expertise, dangerous structures |
· Failure to carry out statutory functions |
24 hours |
2 |
Finance (including revenues) |
· Collecting revenue, payment of staff · Payment of contractors · Day to day banking operations |
· No revenue coming in, staff not paid · Loss of income · Inability to make payments and to ensure funds in place to meet daily cashflow requirements |
2 – 3 days |
9 |
Bereavement Services |
· Provision of bereavement services in the local area · Crematorium |
· Inability to carry out cremations leading to a possible public health issue and loss of “trade” to other local crematoria |
2 – 3 days |
7 |
Street Cleansing |
· Key service customers expect from the council |
· Public health issues · Failure to carry out statutory responsibilities · Extra strain on customer services · Reputation affected |
2 – 3 days |
10 |
PR / Communications |
· PR |
· No communication to public, loss of reputation |
2 – 3 days |
3 |
Waste Collection |
· Key service customers expect from the council |
· Public health issues · Failure to carry out statutory responsibilities · Extra strain on customer services · Reputation affected |
1 – 2 weeks |
4 |
Housing Benefits |
· Payment of benefits |
· Unable to pay benefit · Possible homelessness issues · Tenancy difficulties · Failure to carry out statutory responsibilities |
1 – 2 weeks |
Section 3: RISK IDENTIFICATION & ANALYSIS
A major part of Business Continuity Management is to ensure that the likelihood of MCS’s being affected by an incident is minimised, and an adequate set of controls is defined, implemented and appropriately managed. Together with a Business Impact Analysis the Risk Assessment provides information that enables an organisation to determine its risk appetite.
Figure 2: Threat Matrix
Table 3.1
No |
Key Threat |
Potential causes that will trigger the Risk |
Risk Width (which MCS’s will potentially be impacted?) |
Risk Score |
Current Mitigation |
1 |
Loss of ICT
|
· Virus · Power outage · Loss of staff · Loss of property · Air-conditioning |
· Public health · Comms · Benefits · Contact centre · Payments · Waste collection · Street cleansing · Building control |
D2 |
· Anti-virus · Standby generator · Firewalls |
A Disaster Recovery Plan For IT Already Exists |
|||||
4 |
Loss of telecoms
|
· Major incident · Loss of key utilities · Loss of IT |
· Potentially all services |
D2 |
· Emergency plan · Business continuity plan · Generator · Alternative arrangement with KCC · One BT line · Different providers for incoming and outgoing calls |
5 |
Utility outage (power, water, gas, drainage) |
· Strike · Cable / pipe broken · Adverse weather · Drought · Failure at electricity / pumping station |
· Potentially all services |
D1 |
· Generator · ICT DR Plan · Homeworking · Biomass boiler |
6 |
Loss of site |
· Major incident |
· Site dependent, loss of main site/s would affect all services apart from cem/crem, street cleansing and waste collection |
D1 |
· Alternative site · Homeworking |
2 |
Loss of people |
· Strike · Illness / pandemic · Adverse weather · Lottery win · Fuel shortage · Major local emergency
|
· Potentially all services |
C2 |
· Local pay structure · Reasonable number of staff living within walking distance of offices · Pandemic continuity plan · Emergency plan · Fuel continuity plan · Health & Safety procedures · Homeworking · Partnership support
|
3 |
Extreme weather |
· Rain, snow, wind, extremes of temperature |
· Potentially all services |
B3 |
· As per loss of people (2) |
8 |
Loss of a major contractor / partner |
· Supplier / partner insolvency · Supplier / partner has poor Business Continuity Plan · Poor relationship or dispute with supplier / partner |
· Waste collection · Leisure services |
C3 |
· Procurement procedures |
7 |
Financial loss
|
· Fraud · Negligence · Poor financial controls · Individual integrity · Disgruntled employee · Poor contract management |
|
E3 |
· Internal audit · Financial regulations · Procurement procedures |
Section 4: Incident Management Plan
Purpose & Scope
The purpose of this document is to assist the organisation to be able to define an incident response structure that will enable an effective response & recovery from disruptions. The Business Continuity Standard BS 25999 states –
“In any incident situation there should be a simple and quickly-formed structure that will enable the organisation to:
· Confirm the nature and extent of the incident
· Take control of the situation,
· Contain the incident, and
· Communicate with stakeholders”
This document is not intended to be a prescriptive list of actions to take to manage an incident.
This document should be read in conjunction with:
· Chapter 2: Business Impact Analysis & Recovery Strategies which details the Mission Critical Services.
· Individual BCPs for individual mission critical services.
Please detail all reviews made even if document is not amended. All members of the strategic and tactical teams should receive the latest version of this document when it is updated.
Table 4.1.1
Version |
By |
Date |
Comments |
1 |
PT |
13 February 2008 |
|
2 |
PT |
1 September 2008 |
|
3 |
DL |
September 2009 |
|
Table 4.1.2
Date |
Description of Test Exercise |
Parties Involved in Test |
Jul/Aug
|
Desk top test of individual BCPs |
Unit managers of key services |
4.2 Incident Management
4.2.1 Incident Management Structure
The purpose of the incident management structure is to form and react as soon as possible to the incident. On forming, those present can take decisions to apply appropriate resources to deal with an event as it occurs (ideally to prevent it becoming a crisis). It is essential for this reason that the team be made up from individuals representing core areas of the organisation.
A three layer level of response is proposed depending on the nature and scope of the incident. See Diagram 4.2.1.
Model applying to:
Strategic Direction Team |
Provides strategic direction. Holds ultimate responsibility. Represents the public face of the organisation. This may involve liaison with, or taking over an incident from, the Emergency Management Team once into the recovery phase. The Strategic Team is made up of the senior managers that would represent the organisation in the media.
It is not envisaged that an incident would result in consecutive running of both the BCP Strategic Team and the Emergency Management team as these are drawn from the same area of senior management. Should both plans be activated the Emergency Management Team would as a matter of course consider business continuity issues including maintaining minimum levels of service and the ability of MBC to respond to the emergency. Once this passes into the recovery stage then a similar team would continue to meet to concentrate on business continuity issues. |
Chief Executive Directors
Would also include the Head of Communications |
Tactical Management Team |
Assumes full responsibility for co-ordinating incident management. Provides detailed direction to managers and staff to effectively manage the incident at an operational level. Reports up to and advises the Strategic Direction Team. |
Assistant Directors Heads of Service incl Head of Communications |
Operational Level |
This is where the actions described in the Business Continuity Plan are actually carried out. People here are instructed and co-ordinated by the Tactical Management Team. |
Unit Managers Key staff |
At the early stages of an incident Chief Executive should decide whether the Strategic Direction on the whether it is necessary The Strategic Direction Team and the Tactical Management Team may be located together if the incident is small scale and local in nature then the two teams may be amalgamated.
Diagram 4.2.1 Structure Chart
Roles & Responsibilities
Table 4.2.1 below shows the responsibilities of members of the Strategic Direction Team.
Table 4.2.1 – Strategic Team[4]
Name |
Position |
Special Responsibilities (if any) |
' Work |
' Mobile |
' Home |
David Petford |
Chief Executive |
|
602027 |
|
|
Zena Cooke |
Director of Resources & Partnerships |
|
602345 |
|
|
Alison Broom |
Director of Prosperity & Regeneration |
|
602019 |
|
|
David Edwards |
Director of Change & Environmental Services |
|
602797 |
|
|
Roger Adley |
Head of Communications |
Press releases/media/public relations |
602758 |
|
|
NB: The strategic team will be made up of a selection of the above officers.
** Phones numbers withheld in this version **
4.2.2 Command Centre[5]
|
First Choice |
Second Choice |
Nominated Strategic Centre |
Emergency Centre |
Depot |
Capacity |
As per Emergency Plan |
|
Computer Equipment Held in Room |
As per Emergency Plan |
|
ICT Network Points in Room |
As per Emergency Plan |
|
Other Specialist Equipment Held if Necessary (e.g. Digital TV & Radio, fax) |
As per Emergency Plan |
|
Status of Command Centre (Red, Amber or Green) |
|
|
4.3 Incident Escalation and Invocation
It is vital that the Council has a clear and simple method by which it can quickly recognise a business continuity threat and act accordingly. It is better to over-react to serious incidents and then stand down members of staff than to under-react. The agreed escalation and invocation framework to be adopted and understood by all is set out in Sections 4.3.2 and 4.3.3, and depicted in Diagram 4.3.1.
4.3.2 Escalation
All staff have a responsibility to notify their line manager, or other appropriate manager, if they feel the Council’s ability to operate effectively may be in danger or there may be a need to invoke Business Continuity Plans. This should then be escalated until a member of the Strategic Direction Team is informed. During out-of-hours, the relevant service manager will be contacted by the out-of-hours service to escalate the response to the Strategic Direction Team if required.
4.3.3 Invocation
The Chief Executive and all representatives of Corporate Management Team have the authority to compel all other members of the team (or their deputies) to meet as soon as is reasonable to discuss an incident, or the threat of an incident, which could force Business Continuity Plans to be invoked.
4.4 Invocation – Strategic Direction Team
4.4.1 The First Few Hours (Checklist of Actions)
In the first 24 hours following a major incident there will be a number of actions that will need to be completed. Escalation to the Strategic Team may be necessary at any stage.
No. |
Action |
Completed By |
|
Decision taken to Invoke Business Continuity Plan |
|
1a |
Decide on location of Control centre. Call up other members of the Strategic Direction Team |
|
1b |
Open an Incident decision log (Appendix B) |
|
2a |
Consider publishing message on website/intranet. Consider setting up a hotline for staff to call in on. |
|
2b |
Decide when to review / update staff helpline message |
|
3a |
Determine nature of incident and extent of impact on services (Appendix A). This may be completed with the assistance of the Tactical Management Team. (Chapter 2 has the list of threats and the services they may impact) |
|
3b |
Ensure you have identified the priorities, i.e. the critical services affected, or likely to be affected, by the incident (Chapter 2 has the prioritised list of Mission Critical Services) |
|
3c |
Identify the Recovery Time Objectives. Ensure you have identified both the short term priorities (< 24 hours) and the longer term actions (over days or weeks). Chapter 2 contains the RTOs, although these may change depending on the nature of the incident |
|
3d |
Identify which Business Continuity Plan has to be invoked (these are listed in Chapter 3 and set out in Chapter 5) |
|
3e |
Identify who should lead the Tactical Management Team, contact him/her and brief them on the situation. Agree a time for the next situation report. |
|
3f |
Identify not only the priorities for recovering mission critical services, but also consider the unaffected mission critical services which may need protecting/sustaining while effort is focused on recovery. |
|
3g |
Consider naming an extra individual responsible for liaison, e.g. with other teams involved or those managing an incident at another site |
|
No. |
Action |
Completed By |
4a |
Ensure costs are recorded. Gain authorisation from Finance Dept for emergency expenditure – Log Expenditure Decisions |
|
4b |
Consider a communication to key stakeholders (including Members) and any relevant regulatory bodies |
|
5 |
Liaise with IT/Customer Call Centre/Switchboard and departmental/service IT Officer |
|
6 |
Consider temporarily diverting incoming calls to Customer Call Centre or another emergency call centre. Consider providing a pre-recorded message giving alternative telephone number |
|
7 |
Agree monitoring process for plan and frequency of reports and Strategic Direction Team meetings |
|
8 |
On conclusion of incident, stand down Tactical Management Team and instigate “Lessons Learned Review” |
|
4.4.2 …and thereafter (Checklist of Actions)
4.5 Tactical Team – Generic Actions
Note – the detailed actions for service recovery pertinent to the incident are set out in the relevant Business Continuity Plan.
No |
Action |
Completed By |
1a |
On receipt of the message from the Strategic Direction Team invoking a Business Continuity Plan, decide on a venue for the Command Centre and call up members of the Incident Management Team. |
|
1b |
Open an incident log (see Appendix B) |
|
2a |
Ensure you have a clear situation report from the Strategic Direction Team. Hold team briefing on incident |
|
2b |
Read through relevant Recovery Strategy and Business Continuity Plan. Identify items for action that fall within remit and authority |
|
2c |
Agree plan with timescales, milestones and responsible person for each action. Log decisions taken. |
|
2d |
Identify issues for escalation to Strategic Team (e.g. financial requirements and communication with media etc) |
|
2e |
Issue instructions to managers and staff at the appropriate operational level to ensure that actions identified are implemented |
|
3 |
Agree reporting channels, frequency of meetings and additional team members required and agencies involved. |
|
4 |
Agree time to meet with strategic team |
|
5 |
Review plan after strategic team meeting |
|
Appendix A – Incident Assessment Form
This table is to be used by the Strategic Direction team (maybe with input from the Tactical management Team) for completing an initial assessment of which mission critical services have been impacted and the likely duration of the impact.
Priority Order |
Mission Critical Activity / Service |
Key service element |
RTO |
IMPACT (in next 2 hrs to 2 weeks) |
1 |
Contact Centre |
|
24 hours |
|
2 |
IT |
|
24 hours |
|
3 |
Emergency Planning |
|
24 hours |
|
4 |
Homelessness |
|
24 hours |
|
5 |
Environmental Health |
|
24 hours |
|
6 |
Building Control |
|
24 hours |
|
7 |
Finance (including revenues) |
|
2 – 3 days |
|
8 |
Bereavement Services |
|
2 – 3 days |
|
9 |
Street Cleansing |
|
2 – 3 days |
|
10 |
PR / Communications |
|
2 – 3 days |
|
11 |
Waste Collection |
|
1 – 2 weeks |
|
12 |
Housing Benefits |
|
1 – 2 weeks |
|
Note : Columns 2,3 and 4 should be populated from the Business Impact Assessment in advance of an incident.
Appendix B – Decision Log
Entry No. |
Date |
Time |
Information / Message |
Options |
Action / Decision Taken |
Rationale for Decision |
Initials |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Appendix C – Key Documents and Files
Corporate BCP is uploaded onto Pandora with copies held electronically by Paul Taylor and David Harrison.
Key Service BCP’s are uploaded onto Pandora Team site with hard copies retained by Service Managers in the battle boxes.
[1] The time within which the service has to be functioning at a reasonable level after an interruption
[2] See Section 3: Risk Identification & Analysis, p8 for risk matrix
[3] See Section 4: Recovery Strategies for More Detail
[4] The Strategic Direction Team and the Tactical Management Team may be located together if the incident is small scale and local in nature or the two teams may be amalgamated.
[5] Separate Command centres may be required for the Strategic Direction Team and the Tactical Management Team if the incident is a large scale one.